On Debian-based systems, update /etc/defaults/rkhunter and set APT_AUTOGEN="true".
This will run "rkhunter --propupd" after every run of "unattended-upgrades" -- the nightly security updates.

On other distros, you can implement the same idea if it's not supported.

On Wed, Feb 20, 2019 at 3:34 AM Marco Strullato <marco.strull...@gmail.com> wrote:

> Hi all,
>
> How do you manage the system updates with rkhunter?
> My system is updating itself every night: if updates are about core
> components, rkhunter is highlighting the differences with warnings.
>
> Do I have to run everyday the --propupd?
>
> Regards
>
>
> Warning: The file properties have changed:
> File: /sbin/init
> Current inode: 528322 Stored inode: 543976
> Current file modification time: 1550391778 (17-Feb-2019 09:22:58)
> Stored file modification time : 1547546383 (15-Jan-2019 10:59:43)
> Warning: The file properties have changed:
> File: /sbin/runlevel
> Current inode: 542777 Stored inode: 543989
> Current file modification time: 1550391778 (17-Feb-2019 09:22:59)
> Stored file modification time : 1547546383 (15-Jan-2019 10:59:43)
> Warning: The file properties have changed:
> File: /bin/systemd
> Current inode: 274320 Stored inode: 264733
> Current file modification time: 1550391778 (17-Feb-2019 09:22:58)
> Stored file modification time : 1547546383 (15-Jan-2019 10:59:43)
> Warning: The file properties have changed:
> File: /bin/systemctl
> Current inode: 262251 Stored inode: 263327
> Current file modification time: 1550391778 (17-Feb-2019 09:22:58)
> Stored file modification time : 1547546383 (15-Jan-2019 10:59:43)
> Warning: The file properties have changed:
> File: /lib/systemd/systemd
> Current inode: 271364 Stored inode: 264334
> Current file modification time: 1550391778 (17-Feb-2019 09:22:58)
> Stored file modification time : 1547546383 (15-Jan-2019 10:59:43)
> Warning: The following processes are using deleted files:
> Process: /lib/systemd/systemd-logind PID: 463 File:
> /lib/systemd/systemd-logind
> Process: /usr/bin/influxd PID: 586 File: /usr/bin/influxd
> Process: /lib/systemd/systemd-journald PID: 1596 File:
> /lib/systemd/systemd-journald
> Process: /usr/sbin/cron PID: 6324 File: /tmp/tmpfb2jk1P
> Process: /bin/dash PID: 6333 File: /tmp/tmpfb2jk1P
> Process: /bin/run-parts PID: 6335 File: /tmp/tmpfb2jk1P
> Warning: File '/tmp/tmp.I5F2fmVFF6' (score: 220) contains some suspicious
> content and should be checked.
> Warning: Checking for files with suspicious contents [ Warning ]
>
>
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>

--
Mark Stosberg
Director of Systems and Security
RideAmigos
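An added example, not part of the original thread or of rkhunter itself: a triage step to run before refreshing the baseline with `--propupd`, which checks that every file rkhunter reports as changed belongs to a package the nightly run actually upgraded. The two systemd warnings are taken from the report quoted above; the `/bin/ls` warning, the `dpkg.log` lines and the ownership map are constructed, and the function names are hypothetical.

```python
import re

# /sbin/init and /bin/systemctl come from the report quoted in the thread;
# the /bin/ls entry is constructed to show a change no upgrade explains.
RKHUNTER_LOG = """\
Warning: The file properties have changed:
         File: /sbin/init
Warning: The file properties have changed:
         File: /bin/systemctl
Warning: The file properties have changed:
         File: /bin/ls
"""

# Constructed /var/log/dpkg.log lines (package versions are placeholders).
DPKG_LOG = """\
2019-02-20 06:25:12 upgrade systemd:amd64 OLD-VERSION NEW-VERSION
2019-02-20 06:25:14 upgrade systemd-sysv:amd64 OLD-VERSION NEW-VERSION
2019-02-20 06:25:15 status installed systemd:amd64 NEW-VERSION
"""

# Assumed file ownership; on a live system obtain it with `dpkg -S <path>`.
OWNERS = {"/sbin/init": "systemd-sysv", "/bin/systemctl": "systemd", "/bin/ls": "coreutils"}

def changed_files(report):
    """Paths listed under 'The file properties have changed' warnings."""
    paths, in_block = [], False
    for line in report.splitlines():
        if line.startswith("Warning:"):
            in_block = "file properties have changed" in line
        elif in_block and (m := re.match(r"\s*File:\s+(\S+)", line)):
            paths.append(m.group(1))
    return paths

def upgraded_packages(dpkg_log):
    """Package names (architecture stripped) from dpkg.log 'upgrade' lines."""
    return {m.group(1) for m in
            re.finditer(r"^\S+ \S+ upgrade ([^:\s]+)", dpkg_log, re.M)}

def triage(report, dpkg_log, owners):
    """Split changed files into explained-by-upgrade and needs-review."""
    upgraded = upgraded_packages(dpkg_log)
    explained, review = [], []
    for path in changed_files(report):
        (explained if owners.get(path) in upgraded else review).append(path)
    return explained, review

if __name__ == "__main__":
    print(triage(RKHUNTER_LOG, DPKG_LOG, OWNERS))
```

Files in the second list have no matching upgrade and are worth inspecting before the stored properties are overwritten.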